Amendments to the Claims

Please amend Claims 1 and 12-22. The Claim Listing below will replace all prior 
versions of the claims in the application: 

Claim Listing 

1. (Currently amended) An agent process for controlling access to digital assets in a
network of data processing devices, the process comprising:

defining a security perimeter that includes two or more data processing devices; 

defining one or more policy violation predicates that serve to implement policy 
logic and that are asserted upon an occurrence of a possible risk of use of a digital asset 
by an end user outside of the security perimeter; 

sensing atomic level digital asset access events from within an operating system
kernel of a user client device, the atomic events being low level kernel events and being
sensed upon actions relating to, the sensing step located within an operating system
kernel within an end user client device, at a point of authorized access to the a digital
asset by the end user of the user client device;

aggregating multiple atomic level events to determine a combined event; and 

asserting a policy violation predicate upon an occurrence of a combined event that 
violates a predefined digital asset usage policy that indicates a risk of use of the digital 
asset outside of the security perimeter. 

2. (Original) A process as in Claim 1 wherein the step of asserting the policy violation 
predicate is implemented in an operating system kernel of the client user device. 

3. (Original) A process as in Claim 1 additionally comprising: 

preventing a user from accessing the digital asset if the policy predicate indicates 
a violated policy. 

4. (Original) A process as in Claim 3 wherein the preventing step includes an IRP intercept. 



10/706,871 






5. (Original) A process as in Claim 1 wherein the combined event is a time sequence of 
multiple atomic level events. 

6. (Original) A process as in Claim 1 additionally comprising: 

prompting a user to document a reason for a policy violation, prior to granting 
access to the digital asset. 

7. (Previously presented) A process as in Claim 1 additionally comprising: 

asserting multiple policy violation predicates prior to indicating a risk of use of 
the digital asset outside of the security perimeter. 

8. (Original) A process as in Claim 2 that operates independently of application software. 

9. (Original) A process as in Claim 1 additionally comprising: 

notifying a user of a policy violation, and then permitting access to the digital
asset.

10. (Original) A process as in Claim 2 wherein the sensors, aggregators, and asserting steps 
operate in real time. 

11. (Original) A process as in Claim 1 additionally comprising:

determining the identity of a particular file in the asset access event. 

12. (Currently amended) A system for controlling access to digital assets in a network of data
processing devices, the system comprising:

a digital asset usage policy server[[, for]] storing one or more digital asset usage 
policies configured to be applied to a security perimeter, the security perimeter 
comprising two or more data processing devices;

an atomic level data processing asset access event sensor, the sensor located
within an operating system kernel within an end user client device[[,]] and configured to
sense atomic level events from within the operating system kernel the atomic events
being low level kernel events and being sensed by the sensor upon actions relating to at a
point of authorized access by the end user device to one or more digital assets by an end
user of the end user client device;

an atomic level event aggregator[[,]] configured to determine the occurrence of an 
aggregate event that comprises more than one atomic level asset access event; and 

a policy violation detector, for determining if a combination of combined events
configured to determine whether an aggregate event has occurred that violates a 
predefined digital asset usage policy that indicates a risk of use of a digital asset outside 
the security perimeter. 

13. (Currently amended) An apparatus A system as in Claim 12 wherein the policy violation 
detector is located in an operating system kernel of the user client device. 

14. (Currently amended) An apparatus A system as in Claim 12 wherein the policy violation 
detector determines is configured to determine a violated policy type.

15. (Currently amended) An apparatus A system as in Claim 14 wherein the policy violation 
detector includes an IRP intercept. 

16. (Currently amended) An apparatus A system as in Claim 12 wherein the combined event 
is a time sequence of multiple atomic level events. 

17. (Currently amended) An apparatus A system as in Claim 12 wherein further including a
user interface within the client device requires a configured to require the end user to
document a reason for a policy violation prior to granting access to the digital asset.

18. (Currently amended) An apparatus A system as in Claim 12 wherein the policy violation
detector is additionally asserts configured to assert multiple policy violation predicates
prior to indicating a risk of use of the digital asset outside of the security perimeter.

19. (Currently amended) An apparatus A system as in Claim 13 that operates is configured to
operate independently of application software. 

20. (Currently amended) An apparatus A system as in Claim 12 additionally comprising:
wherein a user interface running on the user client device includes a user interface
configured to notify the end for notifying a user of a policy violation[[;]] and to permit
permitting access to the digital asset once a reason for the violation is provided by the end
user.

21. (Currently amended) An apparatus A system as in Claim 12 wherein the sensor,
aggregator and detector are configured to operate in real time. 



22. (Currently amended) An apparatus A system as in Claim 12 wherein the detector is
additionally determines configured to determine the identity of a particular file in the
atomic level asset event.



